CVE-2023-37521: HCL BigFix OSD Bare Metal Server WebUI is affected by sensitive information disclosure
First published: Tue Jan 16 2024(Updated: )
HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HCL BigFix Bare Metal Server WebUI | <311.28 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-37521?
CVE-2023-37521 is classified as a medium severity vulnerability.
How do I fix CVE-2023-37521?
To fix CVE-2023-37521, upgrade HCL BigFix Bare OSD Metal Server WebUI to version 311.28 or higher.
What kind of attack is possible with CVE-2023-37521?
CVE-2023-37521 could allow an attacker to execute malicious attacks by exploiting sensitive information in the query string.
Which versions of HCL BigFix Bare OSD Metal Server WebUI are affected by CVE-2023-37521?
HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower is affected by CVE-2023-37521.
Is CVE-2023-37521 related to web application security?
Yes, CVE-2023-37521 is a web application vulnerability that can expose sensitive information.
- agent/author
- agent/references
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/event
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/hcltechsw
- canonical/hcl bigfix bare metal server webui